CVE-2023-24422
Sandbox bypass vulnerability in script-security (Maven)
What is CVE-2023-24422 About?
This vulnerability is a sandbox bypass in the Jenkins Script Security Plugin, allowing authorized users to escape the sandboxed environment. Successful exploitation can lead to arbitrary code execution within the Jenkins controller JVM, posing a significant risk to the integrity and availability of the system.
Affected Software
Technical Details
The Jenkins Script Security Plugin provides a sandbox for safe execution of Groovy scripts by restricting dangerous operations. This specific vulnerability is a sandbox bypass involving map constructors. An attacker with permissions to define and run sandboxed scripts, including Pipelines, can craft a malicious script that leverages how map constructors are handled. This allows them to bypass the security restrictions of the sandbox and execute arbitrary code directly within the Jenkins controller Java Virtual Machine (JVM), effectively gaining control over the Jenkins instance.
What is the Impact of CVE-2023-24422?
Successful exploitation may allow attackers to execute arbitrary code in the Jenkins controller JVM, leading to complete system compromise, data manipulation, or denial of service.
What is the Exploitability of CVE-2023-24422?
Exploitation requires an attacker to have authenticated access with permissions to define and run sandboxed scripts (e.g., Jenkins Pipeline scripts). The attack is remote, delivered through the Jenkins web interface, and involves crafting specific Groovy code within the sandboxed environment to trigger the map constructor bypass. While a proof-of-concept exists, successful exploitation demands specific knowledge of the vulnerability and of the Jenkins environment. The primary risk factor is the presence of authenticated users with script execution privileges. No prerequisites beyond these permissions are specified, so for an attacker who already holds them the attack is of moderate complexity.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| shoucheng3 | Link | PoC for CVE-2023-24422 |
What are the Available Fixes for CVE-2023-24422?
Available Upgrade Options
- org.jenkins-ci.plugins:script-security
- Affected: &lt;1229.v4880b → Upgrade to 1229.v4880b
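A defender's first question after reading the fix information above is whether a build still declares a vulnerable script-security version. The following is an added example, not code from the advisory or from the Jenkins project: it scans a Maven pom.xml for the org.jenkins-ci.plugins:script-security dependency and compares the declared version against the fixed version. The advisory gives the fixed version only as the prefix 1229.v4880b, so the comparison uses the leading build number of Jenkins-style plugin versions; the assumption that versions of the form NNNN.v&lt;hash&gt; order by that leading integer, and that legacy dotted versions such as 1.78 predate all of them, is the author's, as is the sample pom.xml, which is constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# Coordinates and fixed-version prefix as given in the advisory.
GROUP_ID = "org.jenkins-ci.plugins"
ARTIFACT_ID = "script-security"
FIXED_VERSION = "1229.v4880b"

# Jenkins plugin versions follow the pattern "<build number>.v<hash>".
_MODERN_VERSION = re.compile(r"^(\d+)\.v\w")


def version_key(version: str) -> tuple:
    """Map a plugin version string onto a tuple that sorts in release order.

    Assumption (not from the advisory): modern versions such as "1229.v4880b"
    order by their leading integer, and legacy dotted versions such as "1.78"
    are older than every modern version, so they get a lower first element.
    """
    m = _MODERN_VERSION.match(version)
    if m:
        return (1, int(m.group(1)))
    legacy = tuple(int(part) for part in re.findall(r"\d+", version))
    return (0,) + legacy


def is_vulnerable(version: str) -> bool:
    """True when the declared version predates the fixed release."""
    return version_key(version) < version_key(FIXED_VERSION)


def _local(tag: str) -> str:
    """Strip the Maven XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def find_script_security_versions(pom_xml: str) -> list:
    """Return every <version> declared for script-security in a pom.xml string.

    Property placeholders such as ${script-security.version} are returned
    unchanged so the caller can flag them as unresolved.
    """
    root = ET.fromstring(pom_xml)
    found = []
    for element in root.iter():
        if _local(element.tag) != "dependency":
            continue
        fields = {_local(child.tag): (child.text or "").strip() for child in element}
        if fields.get("groupId") == GROUP_ID and fields.get("artifactId") == ARTIFACT_ID:
            found.append(fields.get("version", ""))
    return found


def audit_pom(pom_xml: str) -> list:
    """Return (version, status) pairs; status is vulnerable, fixed or unresolved."""
    results = []
    for version in find_script_security_versions(pom_xml):
        if not version or "${" in version:
            results.append((version, "unresolved"))
        elif is_vulnerable(version):
            results.append((version, "vulnerable"))
        else:
            results.append((version, "fixed"))
    return results


# Constructed sample pom.xml; the version string is a made-up pre-fix build.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <dependencies>
    <dependency>
      <groupId>org.jenkins-ci.plugins</groupId>
      <artifactId>script-security</artifactId>
      <version>1228.v0a_0a_0a_0a_0a</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for version, status in audit_pom(SAMPLE_POM):
        print(f"{GROUP_ID}:{ARTIFACT_ID}:{version} -> {status}")
```

Versions managed through a property or a parent BOM show up as "unresolved"; resolve them with `mvn help:effective-pom` and feed the effective POM through the same function rather than trusting the raw file.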
Additional Resources
- https://osv.dev/vulnerability/GHSA-76qj-9gwh-pvv3
- https://github.com/jenkinsci/script-security-plugin
- https://nvd.nist.gov/vuln/detail/CVE-2023-24422
- https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016
- https://github.com/jenkinsci/script-security-plugin/commit/4880bbe905a6783d80150c8b881d0127430d4a73
What are Similar Vulnerabilities to CVE-2023-24422?
Similar Vulnerabilities: CVE-2024-34145, CVE-2022-29780, CVE-2021-21674, CVE-2020-2221, CVE-2019-1003000
